NY Attorney General Warns New Yorkers About Identity Theft Risk from PJ&A Data Breach
At least 4 million New Yorkers in New York City and Syracuse had their sensitive information stolen in a data breach at the Nevada medical transcription service provider Perry Johnson & Associates (PJ&A). The PJ&A data breach was announced earlier this month and has affected almost 9 million individuals across the United States. While the breach has recently been announced, hackers first gained access to PJ&A’s systems in May 2023. Hackers had access to data such as names, addresses, dates of birth, medical record numbers, hospital account numbers, admission diagnosis, dates/times of service, Social Security numbers, insurance information, and medical and clinical information.
This week, New York Attorney General Letitia James issued a warning to all New Yorkers who have received a data breach notification from PJ&A to take steps to protect themselves against identity theft and fraud. New York healthcare providers affected include Northwell Health, the largest healthcare provider in New York, and Crouse Health in Syracuse.
When a data breach occurs at a business associate and the business associate issues notifications, there is potential for confusion. Individuals receiving notification letters are unlikely to be aware that the business associate had their data and may even dismiss the letter as a scam and take no action. After receiving notification letters from PJ&A, several individuals took to Reddit to seek answers as they were unsure whether the letters were genuine.
Attorney General James warned New Yorkers who receive a notification letter to be on alert as the stolen data may be misused. “I urge all New Yorkers affected by this data breach to stay alert and take these important steps to protect themselves,” said Attorney General James. “Bad actors can use the stolen information to impersonate individuals or cause financial harm. Identity theft is a serious issue, and my office will continue to take action to keep New Yorkers safe.” The same advice applies to all Americans who receive a notification letter.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The suggested actions include using credit monitoring services to track credit reports and generate alerts when a change is made to a credit file, placing a credit freeze on credit reports to ensure that new credit accounts cannot be opened, placing fraud alerts on credit reports to inform lenders and creditors to take extra steps to confirm identity before issuing credit, and obtaining copies of medical records from healthcare providers, pharmacies, and health insurers and checking for anything that seems incorrect, as it could indicate medical identity theft.
Records should also be kept of any time spent protecting against identity theft and fraud and any expenses that are incurred. It may be possible to recover costs by participating in a class action lawsuit and if there is a settlement, proof of losses will likely need to be provided when submitting a claim.
